Prepare for cybersecurity assessments from your customers

PORTLAND, Maine—When a cyberattack occurs, it’s rarely an isolated occurrence. A single cybersecurity incident at one organization creates a ripple effect — impacting vendors, service providers, customers, and many others throughout the supply chain.

Enterprise organizations now realize that their service providers — the smaller vendors they do business with every day — may be a potential weak link or even a gateway to a breach. Enter the vendor cybersecurity assessment and the security integrator’s need to be ready to respond to its requests with a plan in place to actively minimize customer risk.

To get an idea of the cascading effect of cyber breaches, consider a few major incidents this year:

  • SolarWinds is a U.S. company that develops software for businesses to manage their networks, systems, and IT infrastructure. Attackers were able to compromise its Orion software, impacting customers that reportedly included private and government agencies. As of early 2021, it was reported that the SolarWinds attack may have impacted an estimated 18,000 organizations across the globe, with over 100 organizations being directly compromised.
  • The Microsoft Exchange Server incident has been blamed on an advanced persistent threat (APT) group called Hafnium, which used a zero-day flaw that allowed infiltration into email and other IT systems. This incident had a waterfall effect, as it affected an estimated 60,000 customers who scrambled to patch software before becoming further targets and victims.
  • As consumers, we all saw the widespread impact of a ransomware attack when Colonial Pipeline’s operations were shut down by attackers, limiting fuel supply to the East Coast for days. Following the incident, the Biden Administration announced that U.S. pipeline operators will need to conduct assessments and tighten defenses.

Security Integrators and the supply chain

Cyber incidents can also impact the security integration industry. Security companies have a responsibility to address any potential risks that may impact customers, with an understanding that their work is of a sensitive nature and provides them privileged access to sensitive data. Here are some…